Auto-Update: 2024-02-09T07:00:24.659687+00:00

2025-05-08 11:37:26 +00:00 · 2024-02-09 07:00:28 +00:00 · 2024-02-09 07:00:28 +00:00 · 2e7c86c9df
commit 2e7c86c9df
parent 3390df78b5
4 changed files with 149 additions and 34 deletions
--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0657.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0657.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-0657",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-02-09T05:15:08.410",
  "lastModified": "2024-02-09T05:15:08.410",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page'  in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 2.7
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033238%40internal-links&new=3033238%40internal-links&sfp_email=&sfph_mail=",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41d39fe4-b114-4612-92f6-75d6597610f7?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0842.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0842.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-0842",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-02-09T05:15:08.660",
  "lastModified": "2024-02-09T05:15:08.660",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-11xx/CVE-2024-1122.json
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1122.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-1122",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-02-09T05:15:08.840",
  "lastModified": "2024-02-09T05:15:08.840",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Event Manager, Events Calendar, Events Tickets for WooCommerce \u2013 Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3033231/wp-event-solution/tags/3.3.51/core/admin/hooks.php",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0cbdf679-1657-4249-a433-8fe0cddd94be?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-02-09T05:00:25.262408+00:00
+2024-02-09T07:00:24.659687+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-02-09T04:15:08.210000+00:00
+2024-02-09T05:15:08.840000+00:00
 ```
 ### Last Data Feed Release
@ -29,48 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-238007
+238010
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `4`
+Recently added CVEs: `3`
-* [CVE-2023-43609](CVE-2023/CVE-2023-436xx/CVE-2023-43609.json) (`2024-02-09T04:15:07.583`)
+* [CVE-2024-0657](CVE-2024/CVE-2024-06xx/CVE-2024-0657.json) (`2024-02-09T05:15:08.410`)
-* [CVE-2023-46687](CVE-2023/CVE-2023-466xx/CVE-2023-46687.json) (`2024-02-09T04:15:07.813`)
+* [CVE-2024-0842](CVE-2024/CVE-2024-08xx/CVE-2024-0842.json) (`2024-02-09T05:15:08.660`)
-* [CVE-2023-49716](CVE-2023/CVE-2023-497xx/CVE-2023-49716.json) (`2024-02-09T04:15:08.007`)
+* [CVE-2024-1122](CVE-2024/CVE-2024-11xx/CVE-2024-1122.json) (`2024-02-09T05:15:08.840`)
 * [CVE-2023-51761](CVE-2023/CVE-2023-517xx/CVE-2023-51761.json) (`2024-02-09T04:15:08.210`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `72`
+Recently modified CVEs: `0`
 * [CVE-2009-1532](CVE-2009/CVE-2009-15xx/CVE-2009-1532.json) (`2024-02-09T03:22:27.067`)
 * [CVE-2009-1721](CVE-2009/CVE-2009-17xx/CVE-2009-1721.json) (`2024-02-09T03:22:38.687`)
 * [CVE-2009-2768](CVE-2009/CVE-2009-27xx/CVE-2009-2768.json) (`2024-02-09T03:22:43.770`)
 * [CVE-2009-0040](CVE-2009/CVE-2009-00xx/CVE-2009-0040.json) (`2024-02-09T03:25:43.877`)
 * [CVE-2009-0269](CVE-2009/CVE-2009-02xx/CVE-2009-0269.json) (`2024-02-09T03:26:02.317`)
 * [CVE-2011-0199](CVE-2011/CVE-2011-01xx/CVE-2011-0199.json) (`2024-02-09T03:18:23.823`)
 * [CVE-2012-5821](CVE-2012/CVE-2012-58xx/CVE-2012-5821.json) (`2024-02-09T03:18:43.307`)
 * [CVE-2014-1266](CVE-2014/CVE-2014-12xx/CVE-2014-1266.json) (`2024-02-09T03:19:52.270`)
 * [CVE-2015-8854](CVE-2015/CVE-2015-88xx/CVE-2015-8854.json) (`2024-02-09T03:01:53.227`)
 * [CVE-2019-0039](CVE-2019/CVE-2019-00xx/CVE-2019-0039.json) (`2024-02-09T03:16:30.397`)
 * [CVE-2019-12496](CVE-2019/CVE-2019-124xx/CVE-2019-12496.json) (`2024-02-09T03:20:19.517`)
 * [CVE-2020-4574](CVE-2020/CVE-2020-45xx/CVE-2020-4574.json) (`2024-02-09T03:16:35.507`)
 * [CVE-2021-25926](CVE-2021/CVE-2021-259xx/CVE-2021-25926.json) (`2024-02-09T03:12:43.137`)
 * [CVE-2022-29952](CVE-2022/CVE-2022-299xx/CVE-2022-29952.json) (`2024-02-09T03:16:01.237`)
 * [CVE-2022-29951](CVE-2022/CVE-2022-299xx/CVE-2022-29951.json) (`2024-02-09T03:16:09.380`)
 * [CVE-2022-31260](CVE-2022/CVE-2022-312xx/CVE-2022-31260.json) (`2024-02-09T03:16:13.837`)
 * [CVE-2022-35411](CVE-2022/CVE-2022-354xx/CVE-2022-35411.json) (`2024-02-09T03:16:18.977`)
 * [CVE-2022-30319](CVE-2022/CVE-2022-303xx/CVE-2022-30319.json) (`2024-02-09T03:27:04.150`)
 * [CVE-2023-51698](CVE-2023/CVE-2023-516xx/CVE-2023-51698.json) (`2024-02-09T03:15:09.000`)
 * [CVE-2023-5981](CVE-2023/CVE-2023-59xx/CVE-2023-5981.json) (`2024-02-09T03:15:09.133`)
 * [CVE-2024-21399](CVE-2024/CVE-2024-213xx/CVE-2024-21399.json) (`2024-02-09T03:00:47.227`)
 * [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-02-09T03:15:09.317`)
 * [CVE-2024-0567](CVE-2024/CVE-2024-05xx/CVE-2024-0567.json) (`2024-02-09T03:15:09.447`)
 * [CVE-2024-23334](CVE-2024/CVE-2024-233xx/CVE-2024-23334.json) (`2024-02-09T03:15:09.603`)
 * [CVE-2024-23829](CVE-2024/CVE-2024-238xx/CVE-2024-23829.json) (`2024-02-09T03:15:09.727`)
 ## Download and Usage